I have 2 instances of GRC RAR (SP13) pointed to the same backend systems, and the functions/risks are identical (imported from the same source). The issue is that on one of the instances, critical risks (for a user) are found and on the other they are not, and the user does have the risk. Any ideas?
At this point the only thing I checked was critical actions and critical permissions, and they both show false negatives. I suspect that SOD checks will also have issues. It doesn't happen every time on every risk, but is repeatable. In other words, a particular risk will show false negatives and will always show false negatives, while one that doesn't won't ever show a false negative.
I have done as you suggested twice. When you compare the rules on screen, they appear identical. And yes, I am using logical systems on both instances. When I bring over the functions, risks, rules, etc., I am also bringing over the connectors and logical systems.